Most folks around here already know this, so this is for the uninformed and unprotected... Check all your domains if you have not already (I didn't and I lost a site to this). Check to see if you are protected.
In your browser address bar type in the URL of your website, that you don’t want to drop in the rankings (with and without the www) take note of where you end up. Does the URL have a www or not? (using Webbug and looking for redirects is a much better way). If you do not use the www and you send up at the www page or vice versa then the site is protected and this won't hurt.
If however, when you enter the URL without the www and you end up at the non-www URL and when you enter the URL with the www and you end up at the www URL your site is prime for a major dumping on.
If your site is not protected someone could;
Find some places to drop some links for you. This evil person could drop some links using the non-www URL (or if the site is set up for non-www linking link to the www page).
If someone were to do this to you, you would see the results in google in a very short time. The site that got hit can expect to be out of the running for some time, even if you discover the problem and correct it, it will take months to recover.
Using the incorrect URL as described above will trigger a duplicate penality in google for the effected site.
Their are several ways to protect your site. The simplest way I know of is to use a 301 redirect.
Of course, if you are "evil" you could reverse this and go after your competitors...